package com.airS.task.fileMgr.security.shiro.filter;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.airS.task.fileMgr.common.constants.FilemgrConstants;
import com.airS.task.fileMgr.common.response.BaseResponse;
import com.airS.task.fileMgr.common.response.ResponseCode;
import com.airS.task.fileMgr.model.gk.Permission;
import com.airS.task.fileMgr.query.gk.PermissionQuery;
import com.airS.task.fileMgr.service.gk.PermissionService;
import com.airS.task.fileMgr.utils.collection.CollectionUtils;
import com.airS.task.fileMgr.utils.servlet.ServletUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

/**
 * 系统权限认证过滤类
 * Created by alan on 2017/3/14.
 */
public class PermissionsAuthorizationFilter extends org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter {

	private static final Logger logger = LoggerFactory.getLogger(PermissionsAuthorizationFilter.class);

	@Autowired
	private PermissionService permissionService;

	/**
	 * 根据url进行权限过滤
	 * @param request
	 * @param response
	 * @param mappedValue
	 * @return
	 * @throws IOException
     */
	public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws IOException {

		return super.isAccessAllowed(request, response, getPermission(request));
	}

	/**
	 * 获取url
	 * @param request
	 * @return
     */
	public String[] getPermission(ServletRequest request) {
		String[] urls = new String[1];
		HttpServletRequest req = (HttpServletRequest) request;
		urls[0] = req.getServletPath();
		return urls;
	}

	@Override
	protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException {
		BaseResponse baseResponse = new BaseResponse();
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;
		HttpServletResponse httpServletResponse = (HttpServletResponse) response;
		PermissionQuery permissionQuery = new PermissionQuery();
		permissionQuery.setUrl(httpServletRequest.getServletPath());
		Permission permission = CollectionUtils.getFirst(permissionService.queryPermissions(permissionQuery).getList());
		if (permission != null && FilemgrConstants.COMMON_BOOLEAN.B0T.equals(permission.getIsFunction())) {
			baseResponse.setCode(ResponseCode.LOGIN_OUT);
			ServletUtils.writeJson(baseResponse, response);
		} else {
			WebUtils.issueRedirect(request, response, "/resources/error/login_timeout.html", null, true);
		}
	}

	/**
	 * 未认证且未授权时以json返回，不做跳转
	 * @param request
	 * @param response
	 * @return
	 * @throws IOException
     */
	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
		// TODO 后期改成根据标识返回
		BaseResponse baseResponse = new BaseResponse();
		Subject subject = getSubject(request, response);
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;
		HttpServletResponse httpServletResponse = (HttpServletResponse) response;
		PermissionQuery permissionQuery = new PermissionQuery();
		permissionQuery.setUrl(httpServletRequest.getServletPath());
		Permission permission = CollectionUtils.getFirst(permissionService.queryPermissions(permissionQuery).getList());
		if (subject.getPrincipal() == null) {
			if (permission != null && FilemgrConstants.COMMON_BOOLEAN.B0T.equals(permission.getIsFunction())) {
				baseResponse.setCode(ResponseCode.LOGIN_OUT);
				ServletUtils.writeJson(baseResponse, response);
			} else {
				WebUtils.issueRedirect(request, response, "/resources/error/login_timeout.html", null, true);
			}
		} else {
			if (permission != null && FilemgrConstants.COMMON_BOOLEAN.B0T.equals(permission.getIsFunction())) {
				baseResponse.setCode(ResponseCode.AUTHORIZATION_FAIL);
				ServletUtils.writeJson(baseResponse, response);
			} else {
				WebUtils.issueRedirect(request, response, "/resources/error/permission_error.html", null, true);
			}
		}
		return false;

	}

}